Hello,
I am trying to parse a single log file with multiple grok pattern as below:
grok {
break_on_match => false
match => {"message" => ["%{TIMESTAMP_ISO8601:timestamp_match}%{SPACE}[%{SPACE}%{WORD:number}]%{SPACE}[[^[]]]%{SPACE}[%{SPACE}%{WORD:demo_no}]%{SPACE}[%{WORD:log_level}]%{SPACE}[%{WORD:info}]", "%{TIMESTAMP_ISO8601:timestamp_match}%{SPACE}[%{SPACE}%{WORD:number}]%{SPACE}[[^[]]]%{SPACE}[%{SPACE}%{WORD:demo_no}]%{SPACE}[%{WORD:log_level}]%{SPACE}[%{WORD:soap_type}]%{SPACE}[%{WORD:info}]"
]
}
MY logs look like below:
+++ [AAANG] +++++++++++++++++++++++++++++++++++++++++
2017-04-26 07:59:44,884 [ 3] [bc9d7002-775f-40ed-8322-a2e3e5rrr66e] [ demo3] [DEBUG] [SoapRequest] [PW.Infrastructure.Web.Services.SoapLogExtension.WriteOutput]
2017-04-26 07:59:44,888 [ 3] [bc9d7002-775f-40ed-8322-a2e3e5rrr66e] [ demo3] [DEBUG] [<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">soap:BodyeeeWWWW</soap:Body></soap:Envelope>] [PW.Infrastructure.Web.Services.SoapLogExtension.WriteOutput]
2017-04-26 07:59:45,039 [ 3] [bc9d7002-775f-40ed-8322-a2e3e5rrr66e] [ demo3] [DEBUG] [SoapResponse] [PW.Infrastructure.Web.Services.SoapLogExtension.WriteInput]
Can u please point out what is wrong?